[PDF] - Microk ernels Meet Recursive Virtual Machines Bry an F o rd PDF Document

SLIDE 1 Microk ernels Meet Recursive Virtual Machines Bry an F

rd

Mik e Hibler Ja y Lep reau P atrick T ullmann Go dma r Back Stephen Cla wson Depa rtment

f

Computer Science Universit y

f

Utah http://www.cs.utah.edu/projects/flu x/ Octob er 30, 1996 1

SLIDE 2 The Nested Pro cess Mo del Child p ro cess is encapsulated in its pa rent.

Traditional Process Model Nested Process Model Child Child State Child State State State State Child Process Parent Parent Process State

P a rent has complete control

ver

the child. 2

SLIDE 3 Supp

rts

ecient decomp

sition
f

system services

Process Manager Process Manager Checkpointer App Fluke Microkernel App Paged App Paged Process Manager Virtual Memory Manager App Persist. App Realtime App Persist. Realtime

) mo dula rit y, extensibilit y, securit y, : : : 3

SLIDE 4 Virtual Machine Simulato rs

App/OS App/OS App/OS

Processor

Virtual Machine Simulator Machine Simulator

4

SLIDE 5 Virtual Machine Monito rs

App/OS App/OS

Processor

Basic Instruction Set Privileged and Sensitive Instructions

App/OS Virtual Machine Monitor Virtual Machine Monitor

Processor

5

SLIDE 6 The Fluk e Nested Pro cess Architecture

Basic Instruction Set Low-level System Call API Privileged and Sensitive Instructions IPC-based Common Protocols API

Processor Microkernel Nester Nester Nester Application

6

SLIDE 7 Hiera rchical Resource Management A child can

btain

resources

nly

through its pa rent. These resources a re managed directly b y the microk ernel:

CPU

time: Hiera rchical scheduling, e.g., CPU Inheritance Scheduling

Memo

ry: Relative Address Spaces

Kernel
bjects

(threads, p

rts,

etc.): Relative Address Spaces 7

SLIDE 8 Relative Address Spaces

Mapping

Address Spaces

Mapping

Root Space (Physical Memory)

8

SLIDE 9 Fluk e Lo w-level Objects

Low-level Fluke Objects

Root Space (Physical Memory)

9

SLIDE 10 State Visibil it y

Process Active

Parent Process

Passive Child State Child

10

SLIDE 11 Relativit y

f

Reference

Lo

w-level API includes no absolute names, p rivileges,

r

resources.

Classic

k ernel-mediated capabilit y mo del gives relativi t y

f

cross-domain references and \sho rt-circuiting"

f

nesting la y ers. 11

SLIDE 12 Fluk e Capabilit y Mo del

Reference Port Port

12

SLIDE 13 Fluk e Architecture Comp

nents

API Memory API Memory API Memory API FS API FS API

Processor Microkernel

Basic Instruction Set Low-level System Call API Privileged and Sensitive Instructions IPC-based Common Protocols API

FS API FS API Process API Process API Process API API Process

Memory Manager Tracer/Security Monitor Manager Process Application Processor

Memory

Microkernel

13

SLIDE 14 High-level Common Proto cols Interfaces common to a set

f

co

p

erating nesters. F

r

example, Parent:: get process service get memory service Process:: create child exec Memory:: create var segment create sub pool FileSystem::

pen

close mkdir FileDescription:: read write map 14

SLIDE 15 Nested Pro cess Mo del Gives:

OS

Mo dula rit y: each service is implemented b y a distinct p ro cess (a \nester")

Extensibilit

y: a mo died service can b e p rovided b y a second nester

r

a mo died nester

Comp
sition:

nesters can b e mixed and matched

Flexible

scop e: can apply a service to a group

f

p ro cesses just as easily as to

ne
Securit

y: strong securit y mechanisms \fo r free"

Strong

resource control: p rovided b y hiera rchical structure

Flexibilit

y: strict hiera rchy is enabled, not enfo rced 15

SLIDE 16 Protot yp e Implementation

Kernel:

\p

rtable,"

unoptimized, written in C

Lib

ra ries { libc: p rovides client side

f

Common Proto cols { libnest: p rovides server side

f

Common Pro- to cols

Nesters

{ Debugger { T racer { Pro cess Manager { Virtual Memo ry Manager { Checkp

inter

{ Filesystem nester

Applications:

16

SLIDE 17 Results

Absolute

p erfo rmance

Relative

slo wdo wn 17

SLIDE 18 T est Programs T est Fluk e F reeBSD memtest 929.1 ms 914.9 ms appel2 5.4 ms 3.6 ms readtest 125.8 ms 153.0 ms matconn 102.9 ms 71.6 ms cc1 3.83 sec 3.85 sec 18

SLIDE 19

Relative Slowdown for Full Interposition

10 20 30 40 50 60 70 80 90 100 KS KS+TR KS+TR^2 KS+TR^3 KS+TR^4 Nester Configurations Relative Slowdown in Percent

readtest fibforkwait appel2 memtest matrixconn

compile

SLIDE 20

Relative Slowdown for Realistic Nester Configurations

10 20 30 40 50 60 70 80 90 100 K KP KMP KCMP KCMPT

Nester Configuration

Slowdown in Percent

fibforkwait memtest appel2 matrixconn compile readtest

SLIDE 21 Related W

rk
CAP:

ea rly nested p ro cess a rchitecture

L4,

Grasshopp er: memo ry remapping

System

38, Intel i960XA: \tagged memo ry"

Amo

eba, Cache Kernel: state accessibilit y , with some constraints

Stack

able lesystems & net w

rk

p roto cols: domain-sp ecic stacking 21

SLIDE 22 Status

Kernel,

lib ra ries, nesters as ab

ve:

sup- p

rts

POSIX subset

n

x86

Kernel

API published

Source

release within a few months

P
rtable

p rotot yp e not fast; ho w ever... 22

SLIDE 23 GNU Apps Running

n

Fluk e

compile:

gcc cpp cc1 mak e ga wk bsdsed bash-batch

binutils:

gas ld a r

bjcop

y

bjdump

ranlib size strings nm strip gp rof

leutils:

chgrp chmo d cho wn cp dd dir dircolo rs du ginstall ln ls mkdir mkfo mkno d mv rm rmdir sync touch vdir

textutils:

cat cksum comm csplit cut expand fmt fold head join md5sum nl

d

paste p r so rt split sum tac tail tr unexpand uniq w c

diutils:

cmp di di3 sdi

shellutils:

basename date dirname echo env exp r facto r false groups hostname id logname pathchk p rintenv p rintf p wd seq sleep stt y tee test true tt y uname users who whoami y es 23

SLIDE 24 Conclusion Fluk e combines p rinciples

f

microk ernels and virtual machines to supp

rt:
Complete

state encapsulation and control

Eciently

stack able OS services

Mo

dula rized VM, p ro cess management, debugging, tracing, checkp

inting.

24